Securing ssh Daemons from Brute-Force Attacks in Ubuntu

  • Install fail2ban:

    aptitude install fail2ban
  • Create local configuration:

    cd /etc/fail2ban && cp jail.conf jail.local
  • Edit /etc/fail2ban/jail.local and enable ssh-ddos by changing the corresponding enabled line to true

  • Restart fail2ban daemon:

    service fail2ban restart
  • Since Ubuntu version 10.04, rsyslogd is used; one of its default settings reduces log output by compressing recurring messages, which breaks the fail2ban mechanism. Therefore, changing the following line in /etc/rsyslog.conf is vital:

    sed -i 's/RepeatedMsgReduction on/RepeatedMsgReduction off/' /etc/rsyslog.conf
  • Restart the fail2ban and rsyslog daemons:

    service fail2ban restart && service rsyslog restart 
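
Why the RepeatedMsgReduction change matters, as an added example that is not part of the original post: a per-line filter is run over five failed logins written in full and over the same events after rsyslog has collapsed them. The log lines, the simplified pattern and the threshold of 3 are constructed assumptions, not fail2ban's own filter or defaults.

```shell
#!/bin/sh
# Added illustration; the pattern is a simplified stand-in for a
# per-line sshd failure filter, not fail2ban's shipped regex.
PATTERN='sshd\[[0-9]*]: Failed password for .* from [0-9.]* port'

# count_hits FILE: number of lines a per-line filter would match.
count_hits() {
    grep -c "$PATTERN" "$1" || true
}

# would_ban FILE MAXRETRY: succeeds once matched lines reach the threshold.
would_ban() {
    [ "$(count_hits "$1")" -ge "$2" ]
}

# reduction_state FILE: prints on, off, or unset for $RepeatedMsgReduction.
reduction_state() {
    state=$(sed -n 's/^[[:space:]]*\$RepeatedMsgReduction[[:space:]]\{1,\}\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    echo "${state:-unset}"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: five identical failures logged in full (reduction off).
i=0
while [ "$i" -lt 5 ]; do
    echo "Jan 10 03:14:00 host sshd[4242]: Failed password for root from 192.0.2.10 port 50000 ssh2"
    i=$((i + 1))
done > "$demo_dir/auth_full.log"

# Constructed sample: the same five events as logged with reduction on.
cat > "$demo_dir/auth_reduced.log" <<'EOF'
Jan 10 03:14:00 host sshd[4242]: Failed password for root from 192.0.2.10 port 50000 ssh2
Jan 10 03:14:04 host last message repeated 4 times
EOF

# Constructed config fragment in its default state.
printf '%s\n' '$RepeatedMsgReduction on' > "$demo_dir/rsyslog.conf"

for log in auth_full.log auth_reduced.log; do
    if would_ban "$demo_dir/$log" 3; then verdict="ban"; else verdict="no ban"; fi
    echo "$log: $(count_hits "$demo_dir/$log") matching lines -> $verdict"
done
echo "RepeatedMsgReduction: $(reduction_state "$demo_dir/rsyslog.conf")"
```

Pointing reduction_state at the real /etc/rsyslog.conf after the sed step confirms the setting now reads off.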
